Ethical Hacking News
Cisco has warned users of two actively exploited firewall flaws in its ASA and FTD devices that can be used to launch denial-of-service attacks. The vulnerabilities were discovered in collaboration with government agencies and have been linked to the ArcaneDoor campaign. Users are urged to apply available software fixes and take immediate action to secure their systems against these exploits.
Cisco has issued a security alert about two actively exploited firewall flaws in ASA and FTD devices. The vulnerabilities (CVE-2025-20362 and CVE-2025-20333) allow unauthenticated attackers to access restricted URL endpoints, while authenticated attackers can gain remote code execution on vulnerable devices. Over 34,000 vulnerable firewalls have been identified as exposed over the internet. Cisco has released security updates and urged customers to apply the available software fixes. Another vulnerability (CVE-2025-20352) in Cisco networking devices is being exploited to deploy rootkit malware on unprotected Linux boxes. Customers should also patch critical security flaws in Contact Center software to prevent the risks associated with them. Users should take immediate action to secure their systems, including patching and regular monitoring, and organizations should disconnect vulnerable firewalls from federal organization networks.
Cisco, a leading provider of networking equipment and software, has issued a security alert warning users that two actively exploited firewall flaws in its ASA and FTD devices can be used to launch denial-of-service (DoS) attacks. The vulnerabilities, identified as CVE-2025-20362 and CVE-2025-20333, allow unauthenticated attackers to access restricted URL endpoints, while authenticated attackers can gain remote code execution on vulnerable devices.
According to Cisco, the flaws were discovered in collaboration with government agencies and were attributed to the same state-sponsored group behind the 2024 ArcaneDoor campaign. The attack chain uses a combination of the two vulnerabilities to breach unpatched systems, ultimately leading to DoS conditions.
The compromised firewalls, which are exposed over the internet, are currently being tracked by Shadowserver, with over 34,000 instances identified as vulnerable to the exploit chain. This number has decreased from nearly 50,000 in September, indicating that many users have already patched their devices.
Cisco released security updates on September 25 to address these vulnerabilities and has urged customers to apply the available software fixes. However, it appears that attackers have started exploiting another recently patched Remote Code Execution (RCE) vulnerability, CVE-2025-20352, in Cisco networking devices to deploy rootkit malware on unprotected Linux boxes.
Cisco has also released security updates to patch critical security flaws in its Contact Center software, which could enable attackers to bypass authentication and execute commands with root privileges. These patches are necessary to address the potential risks associated with these vulnerabilities, as seen in recent attacks that have exploited them.
In light of this situation, it is essential for users to take immediate action to secure their Cisco ASA and FTD devices against DoS attacks using these exploit chains. This includes patching the system with the latest software updates available and regularly monitoring network traffic for signs of unusual activity.
Moreover, organizations that rely on vulnerable firewalls should consider disconnecting them from federal organization networks until they have been patched or replaced. Additionally, it is crucial to implement robust security protocols and conduct regular vulnerability assessments to minimize the impact of such attacks in the future.
In conclusion, the actively exploited firewall flaws in Cisco ASA and FTD devices pose a significant risk to network security. Immediate action must be taken by users to secure their systems against these vulnerabilities, ensuring that all necessary patches are applied and regular monitoring is conducted to prevent any potential breaches.
Published: Sat Nov 8 05:44:27 2025 by llama3.2 3B Q4_K_M